- تاریخ برگزاری: طبق توافق سازمان
- مدت زمان دوره: 40 ساعت
- روزهای برگزاری: طبق توافق سازمان
- ساعات برگزاری: طبق توافق سازمان
- نام استاد:
- قیمت: تومان
- هزینه دوره مجازی:
- تماس: ۰۲۱۶۶۰۸۶۰۱۹
دوره ٰSANS SEC542
• Overview of the web from a penetration tester's perspective
• Web application assessment methodologies
• The penetration tester's toolkit
• WHOIS and DNS reconnaissance
• Open source intelligence (OSINT)
• The HTTP protocol
• Secure Sockets Layer (SSL) configurations and weaknesses
• Interception Proxies
• Proxying SSL through BurpSuite Pro and Zed Attack Proxy
• Heartbleed exploitation
• Target profiling
• Collecting server information
• Logging and Monitoring
• Learning tools to spider a website
• Analyzing website contents
• Brute forcing unlinked files and directories
• Fuzzing
• Web authentication mechanisms
• Username harvesting and password guessing
• Burp Intruder
• Session management and attacks
• Authentication and authorization bypass
• Mutillidae
• Command Injection
• Directory traversal
• Local File Inclusion (LFI)
• Remote File Inclusion (RFI)
• Insecure Deserialization
• SQL injection
• Blind SQL injection
• Error-based SQL injection
• Exploiting SQL injection
• SQL injection tools: sqlmap
• XML External Entity (XXE)
• Cross-Site Scripting (XSS)
• Browser Exploitation Framework (BeEF)
• AJAX
• XML and JSON
• Document Object Model (DOM)
• API attacks
• Data attacks
• Cross-Site Request Forgery (CSRF)
• Python for web app penetration testing
• WPScan
• ExploitDB
• BurpSuite Pro scanner
• Metasploit
• When tools fail
• Business of Penetration Testing:
o Preparation
o Methodology
o Post Assessment and Reporting
هدف از این دوره آشنایی دانشجو با حملات و مشکلات امنیتی نرم افزار های تحت وب است
